Sign Your Users Up in the War on Spam and Viruses

When it comes to fighting spam and viruses on your network, your most important asset is an educated user community. Recruit and arm your users today.

As a mail administrator, it's your job to fight the evils of the
Internet and try to keep spam and viruses away from your users. I'm
sure you already know that. You probably spend a lot of time fending
off complaints about unsolicited email, and cleaning up messes after
viruses rampage through your systems. You probably don't even get
thank yous from the folks who messed up in the first place.

Let's take a look at some things you can teach your users, or do on
their machines, to make your own life easier. You'll still be short on
thank yous, but you'll make up for that with a lot fewer complaints
and panics.

Fighting Viruses
If at all possible, install antivirus software on every end user's
machine. And don't just stop there. Set it up to automatically check
for updates and then update itself at minimum on a daily basis. That's
right, daily. Or, if you don't want that kind of external bandwidth
hit every day at 05:00, set up a central machine to update itself over
the Internet, and then have the user machines grab updates from your
central update server. How you do it isn't as important as doing it.

And don't think that if your users aren't running a combination of
Microsoft Windows and Microsoft Outlook, that they're perfectly safe.
Viruses, worms, and their wriggly little cousins come in all shapes
and sizes, and for more than just one program and one operating
system. As people continue migrating to other solutions then virus
writers will start targeting them as well. So get your act together
now and make sure your systems are protected.

Yes, this could add up to a lot of work. But it's a lot less work than
having to dig around on the Internet and find out every little change
a virus makes so you can remove it from your users' systems while
management wants to know how they got infected in the first place. If
no one will open the purse strings, just show them a few statistics
about our latest virus friend, Klez.

Fighting Spam
If spam is getting out of control in your workplace, you'll know about
it. Everyone from the CEO to the mailroom will be coming to you,
asking for protection from the growing mounds of drek pouring in.
There's a few things you can do about this on the end user side of
things. First off, you might be able to convince the bosses to invest
in spam filtering software, at least for some of your personnel. Some
popular Anti-spam programs include SpamKiller
(http://www.mcafee.com/myapps/msk/default.asp) and SpamCop
(http://spamcop.net/).

Also, watch the legal side of things. Spammers are finally being taken
to court, and legislated out of particular areas. Depending on the
laws in your part of the world/country/state/province/city/etc., you
might actually be able to take legal action. If you can't, then let
your legislators know that if spammers claim to run a legitimate
business, then they shouldn't be spoofing addresses, using misleading
subject headers, hijacking other people's equipment to send mail from
to avoid being filtered out, and so on. Encourage your co-workers and
bosses to speak up as well.

Education
Once you've set up the other solutions, do yourself a big favor and
write up a set of policies that will help against spam, viruses, and
improper use of email on business time and equipment. You might have
to do two separate ones: one as a strictly business policy statement,
and another as a "social engineering" method of trying to get people
to actually abide by them.

Gather your ideas in the strict policy, and then expand on it in the
friendlier version. In the nice happy version, try to avoid just
laying out rules, and lots of "don't do this" and "don't do that." If
you want people to follow your lead, you need to give them good
reasons to do so, so include lots of examples and explanations. Make
it peppy and maybe even entertaining. You might even want to bring
your technical writing department in on this if you have one, or the
PR/marketing folks, if you're uncomfortable with persuasive writing.

Great ways to sell good antispam and antivirus policies to your users
includes pointing out that:

Knowing and using this information makes them sound more savvy when
talking to Internet-literate friends.

Knowing this information lets them be the guru in teaching family,
coworkers, and friends how to deal with spam and viruses.

This information will help them at home as much as it will help them
at work.

Wrapping Up
Fighting viruses and spam requires a lot of cooperation between IT and
end users. Make life easier on yourself and your user base by giving
people a clear education on spam and viruses, how to deal with them,
and taking the time to implement whatever antispam and antivirus
solutions your budget allows. If you need some starting points for
suggestions to your users, try the following:

Don't purchase services or products from a spammer. When one spammer
manages to make money, it encourages the entire lot of them.

Watch out for emails from unfamiliar names that tell you to click
and go to a web site. The site might actually be waiting to do harm to
your machine.

Viruses and worms travel in many ways, and exist for just about
every operating system. Don't open unsolicited attachments, even if it
looks like it's from a friend of yours=97if you're not sure, then ask
them before opening. The From field in your email might actually be a
lie.

Your employer has the right to look at any email you send from work.
Keep all of the really personal stuff for talking about from your
private email account at home!

Please don't forward jokes around from work. Especially don't build
joke newsletters at work. Keep that for your personal time. We have no
sense of humor at work.